I discuss an interesting attack vector which not many people do to possibly bypass 2 factor authentication in a web application.